优化basic授权结构

2026-05-13 09:01:27 +08:00 · 2018-09-21 17:13:23 +08:00
parent afbe914558
commit 8a1c4bc3db
4 changed files with 26 additions and 36 deletions
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
@@ -12,6 +12,7 @@ import org.hswebframework.web.authorization.basic.web.session.UserTokenAutoExpir
 import org.hswebframework.web.authorization.token.UserTokenManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -119,4 +120,16 @@ public class AuthorizingHandlerAutoConfiguration {
            return bean;
        }
    }
+
+    @Configuration
+    @ConditionalOnProperty(prefix = "hsweb.authorize", name = "basic-authorization", havingValue = "true")
+    @ConditionalOnClass(UserTokenForTypeParser.class)
+    public static class BasicAuthorizationConfiguration {
+        @Bean
+        public BasicAuthorizationTokenParser basicAuthorizationTokenParser(AuthenticationManager authenticationManager,
+                                                                           UserTokenManager tokenManager) {
+            return new BasicAuthorizationTokenParser(authenticationManager, tokenManager);
+        }
+
+    }
 }
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/BasicAuthorizationTokenParser.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/BasicAuthorizationTokenParser.java
@@ -0,0 +1,93 @@
+package org.hswebframework.web.authorization.basic.configuration;
+
+import org.apache.commons.codec.binary.Base64;
+import org.hswebframework.web.authorization.Authentication;
+import org.hswebframework.web.authorization.AuthenticationManager;
+import org.hswebframework.web.authorization.basic.web.AuthorizedToken;
+import org.hswebframework.web.authorization.basic.web.ParsedToken;
+import org.hswebframework.web.authorization.basic.web.UserTokenForTypeParser;
+import org.hswebframework.web.authorization.simple.PlainTextUsernamePasswordAuthenticationRequest;
+import org.hswebframework.web.authorization.token.UserToken;
+import org.hswebframework.web.authorization.token.UserTokenManager;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class BasicAuthorizationTokenParser implements UserTokenForTypeParser {
+
+    private AuthenticationManager authenticationManager;
+
+    private UserTokenManager userTokenManager;
+
+    @Override
+    public String getTokenType() {
+        return "basic";
+    }
+
+    public BasicAuthorizationTokenParser(AuthenticationManager authenticationManager, UserTokenManager userTokenManager) {
+        this.authenticationManager = authenticationManager;
+        this.userTokenManager = userTokenManager;
+    }
+
+    @Override
+    public ParsedToken parseToken(HttpServletRequest request) {
+        String authorization = request.getHeader("Authorization");
+        if (authorization == null) {
+            return null;
+        }
+        if (authorization.contains(" ")) {
+            String[] info = authorization.split("[ ]");
+            if (info[0].equalsIgnoreCase(getTokenType())) {
+                authorization = info[1];
+            }
+        }
+        try {
+            String usernameAndPassword = new String(Base64.decodeBase64(authorization));
+            UserToken token = userTokenManager.getByToken(usernameAndPassword);
+            if (token != null && token.isNormal()) {
+                return new ParsedToken() {
+                    @Override
+                    public String getToken() {
+                        return usernameAndPassword;
+                    }
+
+                    @Override
+                    public String getType() {
+                        return getTokenType();
+                    }
+                };
+            }
+            if (usernameAndPassword.contains(":")) {
+                String[] arr = usernameAndPassword.split("[:]");
+                Authentication authentication = authenticationManager.authenticate(new PlainTextUsernamePasswordAuthenticationRequest(arr[0], arr[1]));
+                if (authentication != null) {
+                    return new AuthorizedToken() {
+                        @Override
+                        public String getUserId() {
+                            return authentication.getUser().getId();
+                        }
+
+                        @Override
+                        public String getToken() {
+                            return usernameAndPassword;
+                        }
+
+                        @Override
+                        public String getType() {
+                            return getTokenType();
+                        }
+
+                        @Override
+                        public long getMaxInactiveInterval() {
+                            //60分钟有效期
+                            return 60 * 60 * 1000L;
+                        }
+                    };
+                }
+            }
+        } catch (Exception e) {
+            return null;
+        }
+
+        return null;
+    }
+}